Specifications
Chapter 6 Managing User Authentication 79
Changing the Password Type to Shadow Password
Using Workgroup Manager, you can specify that a user have a shadow password stored
in a secure file apart from the directory domain. Only users whose accounts reside in
the local directory domain can have a shadow password.
To specify that a user account authenticate using a shadow password:
1 In Workgroup Manager, open the account you want to work with if it is not already
open.
To open an account, click the Accounts button, then click the Users button. Click the
small globe icon above the list of users and choose from the pop-up menu to open the
local directory domain where the user’s account resides. Click the lock and authenticate
as a directory domain administrator. Then select the user in the list.
2 Click Advanced, then choose Shadow Password from the User Password Type pop-up
menu.
3 If you changed the user’s password type, you will be prompted to enter and verify a
new password.
If you are working with a new user, enter the password on the Basic pane in the
Password field, then reenter it in the Verify field.
4 Click Save.
Enabling Single Signon Authentication for a User
You enable single signon authentication for a user account in an LDAP directory
Mac OS X Server version 10.3 by using the Advanced pane of Workgroup Manager to
set the account’s password type to Open Directory. Single signon is a feature of
Kerberos authentication. For instructions, see “Changing the Password Type to Open
Directory” on page 76.
Enabling Kerberos Authentication for a User
You enable Kerberos authentication for a user account in an LDAP directory of
Mac OS X Server version 10.3 by setting the account’s password type to Open Directory
on the Advanced pane of Workgroup Manager. For instructions, see “Changing the
Password Type to Open Directory” on page 76.
LL2352.Book Page 79 Friday, August 22, 2003 3:12 PM